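#!/bin/bash -x
# =============================================================================
# (c) Copyright Hewlett-Packard Development Company, L.P., 2005
# Written by Matt Anderson <mra@hp.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of version 2 the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# =============================================================================
#
# PURPOSE:
# Verify that pam_loginuid.so allows logins when auditd is running, and denies
# them when it is not.
#
# ARGUMENTS:
# $1 - "success": a password login over ssh to localhost is expected to work.
#                 auditd is left as found; this script never starts it before
#                 the login attempt, so the caller must have it running.
#      "fail":    auditd is stopped first (if it was running) and the login is
#                 expected to be refused.
#
# ENVIRONMENT:
# TEST_USER, TEST_USER_PASSWD - account used for the ssh login.
#
# SIDE EFFECTS:
# May edit /etc/pam.d/sshd and stop auditd. Both are undone through the
# backup/prepend_cleanup helpers from testcase.bash (not shown here).
#
# HISTORY:
# 11/05 Initial version by Matt Anderson <mra@hp.com>
# 11/05 Mods to use global TEST_USER by Aron Griffis <aron@hp.com>

source testcase.bash || exit 2

action=$1

# Reject an unknown action before touching the PAM configuration or the audit
# daemon; the final case statement would report an error for it anyway, but
# only after the system had already been modified.
case $action in
    success|fail) ;;
    *) exit_error ;;
esac

# Non-empty when auditd was running at entry.
auditd_active=$(pidof auditd)

# setup
# make sure pam_loginuid is configured with require_auditd
# NOTE(review): if /etc/pam.d/sshd has no pam_loginuid.so line at all (for
# example because it is pulled in from an included file), this setup is skipped
# and the "success" case no longer says anything about pam_loginuid - confirm
# the PAM layout on the target system.
if grep 'pam_loginuid\.so' /etc/pam.d/sshd | grep -qv 'require_auditd'; then
    backup /etc/pam.d/sshd # restored automatically
    # Append the option only to pam_loginuid lines that do not carry it yet.
    sed -i '/pam_loginuid\.so/{/require_auditd/!s/$/ require_auditd/;}' \
        /etc/pam.d/sshd || exit_error
fi

# make sure auditd is running after test
prepend_cleanup 'pidof auditd &>/dev/null || service auditd start'

if [[ $action == "fail" && -n $auditd_active ]]; then
    service auditd stop || exit_error
fi

# TEST_USER and TEST_USER_PASSWD are exported in run.bash startup()
#
# The expect script is single-quoted so bash never expands the password; it is
# read inside Tcl through $env(...), which keeps it out of the -x trace and off
# the expect command line.
# PubkeyAuthentication is disabled so the login goes through the password
# prompt this script answers.
#
# NOTE(review): the expect script exits 1 for every outcome other than seeing
# the user name in the output - including sshd being down, a wrong password or
# a timeout. With action "fail" each of those is reported as a pass, so the
# "fail" result is only meaningful when the "success" case also passes on the
# same system.
# NOTE(review): the final pattern is an unanchored match on the user name, so
# any output containing it (such as a repeated password prompt that includes
# the account name) would be taken as a successful login.
expect -c '
    spawn ssh \
        -o "PubkeyAuthentication no" \
        -o "NoHostAuthenticationForLocalhost yes" \
        -l $env(TEST_USER) localhost whoami
    expect -nocase {password: $} {
        send "$env(TEST_USER_PASSWD)\r"
    }
    expect "$env(TEST_USER)" {exit 0}
    exit 1'

# $? is the expect exit status: 0 = whoami output seen, 1 = it was not.
case $?:$action in
    0:success|1:fail)
        exit_pass ;;
    1:success|0:fail)
        exit_fail ;;
    *)
        exit_error ;;
esac

# Only reached if the exit_* helpers return instead of exiting (they are
# defined in testcase.bash, not shown here). The cleanup hook registered above
# already restarts auditd when it is not running.
if [[ $action == "fail" && -n $auditd_active ]]; then
    service auditd start
fi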